single vs multiple hostapd instances

Jouni Malinen j at
Wed Feb 11 03:40:24 EST 2015

On Tue, Feb 10, 2015 at 05:42:12PM -0800, Ben Greear wrote:
> On 02/10/2015 04:23 PM, Bill Hegardt wrote:
> > On a dual band platform with 2 radios, is there a functional difference between running a single instance of hostapd for both radios vs
> > separate instances of hostapd?  For example, does a single instance of hostapd have an advantage when a station roams between the radios and
> > handle the roam more efficiently?
> > 
> > I would assume there is no good reason to run separate instances. True?
> If you have two cores it should speed up things a bit...each hostapd can be
> handling encryption and so forth on it's own core for it's own wifi NIC....

While it is true that there may be some operations where two cores could
help in such a case, "encryption" can be a bit misleading term to use
here. All the actual encryption of data frames happens in the kernel or
hardware and hostapd is in no way involved in that part. The
cryptographic operations that take some CPU in hostapd would be for
things like EAPOL-Key processing or WPS. When such operations are
happening concurrently, two processes could potentially show some
benefit. Whether that is significant for any real use case is another
question, though.

A single instance of hostapd process does have benefits for roaming
cases especially with WPA2-Enterprise since it can share the same PMKSA
cache and avoid full EAP authentication when roaming from one BSS to
another one controlled by the same hostapd process. There are also other
cases like WPS where a single process has much better coordination
between the BSSes in the same device. As such, my general recommendation
would be to use a single hostapd process in this type of cases.

If there are cases where a noticeable benefit would be demonstrably
achievable with better use of multiple cores, it would be be better to
think of possibilities of using multithreaded design at least for some
operations (e.g., "offload" an operation that is expected to take
significant amount of time to a helper thread). These things can help
even with a single BSS, so doing this at interface/hostapd-process level
would be missing many of the possible optimizations.
Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list